diff --git a/pkg/api/target.go b/pkg/api/target.go
index 2ed48bac..966830ba 100644
--- a/pkg/api/target.go
+++ b/pkg/api/target.go
@@ -9,6 +9,7 @@
 package api
 
 import (
+	"crypto/tls"
 	"errors"
 	"strings"
 	"time"
@@ -165,6 +166,14 @@ func TLSVersion(v string) TargetOption {
 	}
 }
 
+// TLSConfig
+func TLSConfig(tlsconfig *tls.Config) TargetOption {
+	return func(t *target.Target) error {
+		t.Config.SetTLSConfig(tlsconfig)
+		return nil
+	}
+}
+
 // LogTLSSecret, if set to true,
 // enables logging of the TLS master key.
 func LogTLSSecret(b bool) TargetOption {
diff --git a/pkg/api/types/target.go b/pkg/api/types/target.go
index 7605c220..042fab81 100644
--- a/pkg/api/types/target.go
+++ b/pkg/api/types/target.go
@@ -152,6 +152,8 @@ type TargetConfig struct {
 	CipherSuites     []string          `mapstructure:"cipher-suites,omitempty" yaml:"cipher-suites,omitempty" json:"cipher-suites,omitempty"`
 	TCPKeepalive     time.Duration     `mapstructure:"tcp-keepalive,omitempty" yaml:"tcp-keepalive,omitempty" json:"tcp-keepalive,omitempty"`
 	GRPCKeepalive    *clientKeepalive  `mapstructure:"grpc-keepalive,omitempty" yaml:"grpc-keepalive,omitempty" json:"grpc-keepalive,omitempty"`
+
+	tlsConfig *tls.Config
 }
 
 type clientKeepalive struct {
@@ -174,8 +176,15 @@ func (tc TargetConfig) String() string {
 	return string(b)
 }
 
+func (tc *TargetConfig) SetTLSConfig(tlsConfig *tls.Config) {
+	tc.tlsConfig = tlsConfig
+}
+
 // NewTLSConfig //
 func (tc *TargetConfig) NewTLSConfig() (*tls.Config, error) {
+	if tc.tlsConfig != nil {
+		return tc.tlsConfig, nil
+	}
 	var ca, cert, key string
 	if tc.TLSCA != nil {
 		ca = *tc.TLSCA